Hi,
Thanks for the info. I will go ahead with the patch.
As far as the wap_event_assert() function goes, it works as it should. I
mean, its function is to verify that all arguments (including Octstr) are
valid or shutdown. That's how asserts work in kannel. Besides, anyone can
disable them globally by configuring with:
--disable-assertions
BR,
Nikos
----- Original Message -----
From: Armindo Antunes
To: Nikos Balkanas
Cc: [email protected]
Sent: Monday, August 01, 2011 12:04 PM
Subject: Re: wap 1.x and wtls
Hello,
I was using Openwave v7 wap emulator when the NULL assertions occurred.
I also agree that in production assertions should be disabled.
About my suggestion to remove the assert, I think if there's a known
situation when p->user_data can be NULL and all the rest is working well,
the code protection should use an "if" statement to protect the NULL
situation and allow the application to continue the normal execution even in
debug mode.
About the mac[15], please submit the patch, since you know the process
better :)
Best regards,
Armindo
On 30-07-2011 23:08, Nikos Balkanas wrote:
Hi,
The code you are describing is general wap code and doesn't have anything to
do with the wtls patch. This is part of the wap_event_assert() function and
should be there. If you use buggy emulators that send NULL data, you should
disable assertions, not introduce bugs to wap_event_support. In production
you should also not use assertions anyway.
As far as the MAC length goes, I have been using the Openwave 6.2.2
emulator, among others. I am not getting the problem you state, however, I am
getting "Invalid WSP packet received" by kannel. Therefore, I do not use
Openwave for wtls tests, rather I use the Nokia NMBS 4.0 and Winwap. What
version Openwave are you using?
The mac[10] used there is just for printing purposes in debug logs, not the
algos. That's probably why I've never had it in production, since I don't
use debug level in production logs, for performance reasons. Largest names
are "SHA_NOLIMIT" and "MD5_NOLIMIT", each 11 bytes long. So mac[15] should
be fine. Can you submit a patch to devel, or should I do it?
BR,
Nikos
----- Original Message -----
From: Armindo Antunes
To: Nikos Balkanas
Cc: [email protected]
Sent: Friday, July 22, 2011 5:02 PM
Subject: Re: wap 1.x and wtls
Oops, wrong line numbering.
wap/wap_events.c:
229: #define OCTSTR(name)
230: //gw_assert(p->name != NULL);
231: /* This is a trick to make the Octstr module run its assertions */
232: //gw_assert(octstr_len(p->name) >= 0);
On 22-07-2011 14:57, Armindo Antunes wrote:
Hi again :)
I'm now able to use WTLS with the openwave simulator.
I've commented the `p->user_data != NULL' assert section in the code
wap/wap_events.c
233: #define OCTSTR(name)
234: //gw_assert(p->name != NULL);
235: /* This is a trick to make the Octstr module run its assertions */
236: //gw_assert(octstr_len(p->name) >= 0);
I'm not sure why this was null but removing the null assertion seems to
work.
Best regards,
Armindo Antunes
On 22-07-2011 12:15, Armindo Antunes wrote:
Hi all
@Nikos: Thanks for posting the WTLS documentation and for all the support!
:)
About the code, I'm using the version 1.5 from yesterday's "daily
snapshot", so I have the right code.
By analyzing the code, I've solved the crash:
In the file wap/wtls_statesupport.c:1174, mac size of 10 is too small for
macs like: SHA_NOLIMIT, MD5_NOLIMIT
I've fixed this issue by increasing mac size:
1174: char cipher[20], mac[15];
But now, I have another crash :-(
2011-07-22 12:02:25 [20568] [5] PANIC: wap/wap_events.def:142:
wap_event_assert: Assertion `p->user_data != NULL' failed.
Detailed logs:
2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with
'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2
trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with
'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2
trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: decoded headers:
2011-07-22 12:02:25 [20568] [1] DEBUG: Encoding-version: 1.3
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept: application/vnd.wap.wmlc,
application/vnd.wap.wmlscriptc, application/vnd.wap.multipart.related,
application/vnd.wap.multipart.mixed, application/vnd.phonecom.mmc-wbxml,
application/octet-stream, application/vnd.oma.drm.message, text/plain,
text/css, image/bmp, image/gif, image/jpeg, image/png, image/vnd.wap.wbmp,
application/vnd.wap.sic, application/vnd.wap.slc, application/vnd.wap.coc,
application/vnd.wap.connectivity-wbxml, application/vnd.wap.xhtml+xml,
application/xhtml+xml;profile="http://www.wapforum.org/xhtml", text/html,
application/smil, application/vnd.wap.mms-message,
application/vnd.oma.drm.content, application/vnd.oma.drm.message,
application/vnd.oma.drm.rights+xml, application/vnd.oma.drm.rights+wbxml,
image/svg+xml, image/pjpeg, application/x-shockwave-flash,
image/x-vnd.openwave.lzrw1, application/vnd.openwave.svg,
text/vnd.sun.j2me.app-descriptor, application/java-archive,
application/java, application/vnd.oma.dd+xml, text/x-vmessage, image/ems,
audio/wav, audio/x-wav, audio/midi, audio/x-midi,
application/vnd.uplanet.bearer-choice-wbxml
2011-07-22 12:02:25 [20568] [1] DEBUG: User-Agent: OPWV-SDK
UP.Browser/7.0.2.3.119 (GUI) MMP/2.0 Push/PO
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en-GB
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en; q=0.8
2011-07-22 12:02:25 [20568] [1] DEBUG: Profile:
http://devgate2.openwave.com/uaprof/OPWVSDK70.xml
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: End of decoded headers.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Session machine:
Encoding-Version: 1.3
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: machine 0x88521d0, state
CONNECTING, event S-Connect.res
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Mapping `Encoding-Version', WSP
1.3 to 0x0043.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING_2
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: resp_machine 0, state
RESULT_WAIT, event TR-Result.req.
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: begin_sar_result(): data len =
27
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: dispath_to_wdp(): psn = 0
2011-07-22 12:02:25 [20568] [5] DEBUG: wtls_dispatch_resp ~> Dispatching
datagram to bearerbox
2011-07-22 12:02:25 [20568] [5] DEBUG: Sending Response PDU:
2011-07-22 12:02:25 [20568] [5] DEBUG: PDU type: Application
2011-07-22 12:02:25 [20568] [5] DEBUG: Reserved bit: 0
2011-07-22 12:02:25 [20568] [5] DEBUG: Cipher in use: 1
2011-07-22 12:02:25 [20568] [5] DEBUG: Sequence number in use: -1
2011-07-22 12:02:25 [20568] [5] DEBUG: Record field length present: 1
2011-07-22 12:02:25 [20568] [5] DEBUG: Application:
2011-07-22 12:02:25 [20568] [5] DEBUG: Octet string at 0x8850888:
2011-07-22 12:02:25 [20568] [5] DEBUG: len: 30
2011-07-22 12:02:25 [20568] [5] DEBUG: size: 1024
2011-07-22 12:02:25 [20568] [5] DEBUG: immutable: 0
2011-07-22 12:02:25 [20568] [5] DEBUG: data: 12 86 b9 02 00 15 02 04 80
94 80 00 04 81 94 80 ................
2011-07-22 12:02:25 [20568] [5] DEBUG: data: 00 02 82 00 02 83 03 02 84
01 01 86 c3 93 ..............
2011-07-22 12:02:25 [20568] [5] DEBUG: Octet string dump ends.
2011-07-22 12:02:25 [20568] [5] DEBUG: Packed PDU Length: 56
2011-07-22 12:02:25 [20568] [5] DEBUG: adding address
2011-07-22 12:02:25 [20568] [5] PANIC: wap/wap_events.def:142:
wap_event_assert: Assertion `p->user_data != NULL' failed.
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(gw_panic+0xcd) [0x80f4b3d]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_assert+0x2712)
[0x80aa842]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_destroy+0x16)
[0x80b0ee6]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80cfa8c]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80d0414]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80eb02d]
2011-07-22 12:02:25 [20568] [5] PANIC:
/lib/tls/i686/cmov/libpthread.so.0(+0x596e) [0xc9896e]
2011-07-22 12:02:25 [20568] [5] PANIC:
/lib/tls/i686/cmov/libc.so.6(clone+0x5e) [0x525a0e]
gdb is not helping here (it doesn't show the callstack).
Attached is a wireshark capture of the WTLS + WTP session.
I'm currently using openwave simulator to test WTLS.
Any idea why this p->user_data is null?
Thanks,
Armindo Antunes
On 21-07-2011 21:05, Nikos Balkanas wrote:
That took a while...;-)
If you remove the password from your key, you should also comment out the
privatekey-password from your configuration.
With respect to your key questions, I will submit a patch to the
documentation for wtls, which should answer your questions.
Also, where did you download this kannel version from? Your gdb trace
doesn't correspond to the latest svn:
wap/wtls.c 820: static void wtls_event_handle(WTLSMachine * wtls_machine,
WAPEvent * event)
Verify that you have this line at this position in your sources.
Your gdb stack shows a completely different build:
#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480
wtls_event_handle is called with the wrong number of arguments (1 <-> 2).
Besides, wtls_event_handle is not called from the state in
wap/wtls_state-decl.h:480.
For instructions on how to download the latest svn go to kannel's site. Else
make sure that you run (and gdb) the correct binary.
BR,
Nikos
----- Original Message -----
From: "Alvaro Cornejo" <[email protected]>
To: "Armindo Antunes" <[email protected]>
Cc: "Nikos Balkanas" <[email protected]>; <[email protected]>
Sent: Thursday, July 21, 2011 9:38 PM
Subject: Re: wap 1.x and wtls
Might be obvious, but have you checked permissions on your key file for
the user running kannel?
On Thu, Jul 21, 2011 at 1:22 PM, Armindo Antunes
<[email protected]> wrote:
Hi again,
I'm now using openssl v0.9.8.h but it still crashes:
(gdb) where
#0 0x0012d422 in __kernel_vsyscall ()
#1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0034149d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at
wap/wtls_statesupport.c:1190
#7 0x080c018a in clientHello (event=<value optimized out>,
wtls_machine=0x82d8550) at wap/wtls.c:458
#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480
#9 main_thread (arg=0x0) at wap/wtls.c:397
#10 0x080ea82d in new_thread (arg=0x82ce7e8) at gwlib/gwthread-pthread.c:362
#11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb)
Can you provide the openssl commands you have used to create your
certificate?
I've created my SSL certificate with the following commands:
openssl req -new -newkey rsa:1024 -keyout server.key -out server.req
openssl ca -policy policy_anything -notext -in server.req -out server.crt
And the following configuration:
group = wtls
certificate-file = "/etc/kannel/server.crt"
privatekey-file = "/etc/kannel/server.key"
privatekey-password = "password"
I've tried to remove the password from the private key file with the
command:
openssl x509 -in server.crt -out nopass.crt
but it hasn't worked either:
2011-07-21 19:18:59 [27074] [0] WARNING: Can't read private key
/app/users/vgw1.0/install/etc/kannel/nopass.key
Any other idea?
Thanks in advance,
Armindo Antunes
On 06-07-2011 21:17, Nikos Balkanas wrote:
Hmmm. I had tested it also with Openwave simulator, with no problems. Same
code is used in my commercial gateway in major ISPs (real mobile traffic)
without such problems either. It has been tested and developed using
openssh-0.9.8.[g,h]. Maybe there is something there.
Does this happen only with Openwave, and the 2 mobiles you mentioned, or
with just about anything you have tried?
Please post new detailed wapbox logs of 1 failed attempt. Compile with debug
CFLAGS (-g -Wall -- remove -s or -Ox) and if possible upload somewhere the
core for me (can send details personally). If not post the gdb core function
stack (use: where)
BR,
Nikos
2011/7/6 Armindo Antunes <[email protected]>
Nikos, thanks for the feedback!
See my questions below.
Best regards,
Armindo Antunes
On 06-07-2011 17:27, Nikos Balkanas wrote:
Hi,
Look at the openssl site for certificate instructions. It is not kannel's
responsibility.
Make sure that certificates are self-signed and without password. Comment
out privatekey-password from wtls configuration and retry.
Still the same behavior... any other idea?
Alex:
There was a section in UG about wtls configuration. It even included
certificate generation instructions. Apparently this was removed. Now, that
wtls is supported again, it should be put back.
Is it possible to recover this information? At least the certificate
generation instructions?
Thanks again,
Armindo
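
Added example, not part of the thread or of Kannel's source: the mac[10] crash discussed above comes down to an 11-character name such as "SHA_NOLIMIT" needing 12 bytes once the terminating NUL is counted. The sketch below contrasts an unbounded copy with a bounded one; the function names, the use of strcpy/snprintf and the short "MD5" sample name are assumptions, since the thread does not show the original copy statement.

```c
#include <stdio.h>
#include <string.h>

#define OLD_MAC_BUF 10   /* buffer size before the fix, per the thread */
#define NEW_MAC_BUF 15   /* buffer size after the fix, per the thread */

/* The two long names are quoted in the thread; "MD5" is a constructed short one. */
static const char *const sample_names[] = { "MD5", "SHA_NOLIMIT", "MD5_NOLIMIT" };

/* Bytes a C string occupies in a buffer: its characters plus the NUL. */
size_t bytes_needed(const char *name) { return strlen(name) + 1; }

/* The failing pattern (hypothetical reconstruction): an unbounded copy into
 * a fixed stack buffer. Shown for contrast only and never called here; an
 * 11-character name writes 12 bytes into 10 and can corrupt the stack. */
void debug_mac_unbounded(const char *name)
{
    char mac[OLD_MAC_BUF];
    strcpy(mac, name);
    printf("MAC: %s\n", mac);
}

/* Bounded copy: returns 0 on success, -1 if the name would not fit.
 * On failure dst holds a truncated, still NUL-terminated string. */
int copy_mac_name(char *dst, size_t dstsize, const char *name)
{
    int n = snprintf(dst, dstsize, "%s", name);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

/* Count how many sample names do not fit a buffer of the given size. */
int names_not_fitting(size_t bufsize)
{
    char buf[64];
    int bad = 0;
    size_t i, count = sizeof sample_names / sizeof sample_names[0];
    if (bufsize > sizeof buf) bufsize = sizeof buf;
    for (i = 0; i < count; i++)
        if (copy_mac_name(buf, bufsize, sample_names[i]) != 0)
            bad++;
    return bad;
}

int main(void)
{
    printf("SHA_NOLIMIT needs %zu bytes\n", bytes_needed("SHA_NOLIMIT"));
    printf("names not fitting in 10 / 15 bytes: %d / %d\n",
           names_not_fitting(OLD_MAC_BUF), names_not_fitting(NEW_MAC_BUF));
    return 0;
}
```

A bounded copy in a debug-only path turns a missed size update into a truncated log string instead of a process abort.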